Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 153

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    $postidz = $q_item['raw']['postid'];
    // Read the extra field straight from ^postmetas (postid is bound via the # placeholder)
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // The stored value is output as-is, without HTML escaping
    $this->output('My info:'.$extra);
}

Here's the result:

[screenshot: test]

I hope you'll get my point.
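For comparison, here is the same theme-layer override with the output escaped. This is an added example, not code from the post above or from the Question2Answer project; it assumes a Q2A theme layer class extending qa_html_theme_base, and uses only core Q2A functions (qa_db_query_sub, qa_db_read_one_value, qa_html). The CSS class name is an assumption.

```php
<?php
// Added example (not from the original post): a theme-layer override that
// reads the extra question field from ^postmetas, as the post does, but
// HTML-escapes it before output. Assumes a Question2Answer theme layer
// extending qa_html_theme_base.

class qa_html_theme_layer extends qa_html_theme_base
{
    public function q_item_extra($q_item)
    {
        $postid = (int)$q_item['raw']['postid'];

        // Same query as the post. The # placeholder is substituted by
        // qa_db_query_sub, so the query is not the weak spot; the stored
        // value is, because it is the raw text the asker typed, tags included.
        $extra = qa_db_read_one_value(qa_db_query_sub(
            'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
            $postid
        ), true);

        if ($extra === null) {
            return; // no extra field stored for this question
        }

        // Escape before it reaches the page: qa_html() converts <, >, &, "
        // to entities (second argument true also turns newlines into <br>),
        // so stored markup is shown as text rather than executed by the browser.
        $this->output(
            '<div class="qa-q-item-extra">My info: ' . qa_html($extra, true) . '</div>'
        );
    }
}
```

The rule the example follows is the one the post implies: whatever is pulled from the database is untrusted until it passes through qa_html() (or is otherwise escaped for the context it is written into), regardless of whether the default theme method that reads the same field happens to escape it already.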
